Cisco has updated its IOS software to fix remotely exploitable vulnerabilities in its switches and routers.
One critical vulnerability affects the DHCP relay subsystem in IOS and IOS XE software.
The flaw allows a remote, unauthenticated attacker to trigger a buffer overflow with specially crafted DHCPv4 packets and either execute arbitrary code, gaining full control of the targeted system, or cause the device to enter a denial-of-service (DoS) condition.
In addition, another critical vulnerability in the web-based user interface allows an authenticated attacker to escalate privileges. The issue stems from new users created via the web interface being given elevated privileges by default. An attacker can create a new account and use it to gain access to the device with high privileges, according to Cisco’s advisory.
Another critical flaw is a REST API issue which allows a remote attacker to bypass authentication and gain access to the web-based user interface of devices running vulnerable versions of the IOS software.
On September 7, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.
Multiple Cisco products incorporate a version of the Apache Struts 2 package affected by this vulnerability.
Cisco is investigating its product line to determine which products may be affected by this vulnerability and the impact on each affected product, and says it will update its advisory as the investigation progresses.
Cisco also patched 11 high severity flaws affecting IOS and/or IOS XE. This includes DoS vulnerabilities affecting Catalyst switches, Integrated Services routers, industrial Ethernet switches, ASR 1000 series routers, and cBR-8 Converged Broadband routers.
Most of these security holes were discovered during internal testing, and there is no evidence that they have been exploited for malicious purposes, Cisco said.